Re: Codes sent by text message

VanguardLH <V@nguard.lh> wrote:

Frank Slootweg <this@ddress.is.invalid> wrote:
 

VanguardLH <V@nguard.lh> wrote:
[...]
 

I resist putting a bank app on my smartphone.  Anyone that has physical
access could get into my account using the .  My banks app says "Secure
your account with a 4-digit passcode or biometric on supported devices."
Sure wish the PIN were longer, like at least 8 digits, and more like a
password where I can use alphanumeric characters, capitalization, and
non-alphanumeric characters.  Or to use both a PIN *and* biometrics
(fingerprint sensor).

 
  I don't use a bank app on my smartphone either. No need, on-line
banking on my laptop works just fine (with the bank's hardware TOTP
device).

 
My bank does not offer a hardware-based TOTP device, like a Yubi key.
Mine is a community bank (no fees of any kind).  They're a bit behind on
technology.
 

  *If* you use a bank app, of course you don't only have to protect the
bank app with PIN/password/biometrics, but first of all have to protect
the whole phone with PIN/password/biometrics. So your scenario of
"Anyone that has physical access could get into my [bank] account" is a
non-existing one, because physical access does not mean they can get
'in' your phone.
 
  Of course there is the theoretical scenario of someone getting hold of
your phone while it is still unlocked - for example they grab it from
your hands and run away -, but even in that scenario, any sensitive apps
- such as your bank app - are still protected by their own PIN/password/
biometrics.

 
Unfortunately my old LG V20 (c.2016) doesn't have an app lock feature.

  The app locking isn't a feature of the phone, but a - required -
feature of the app. In another response you've indicated that you bank's
app indeed does that.

  So (privacy/security) sensitive apps have a lock feature *in* the app.

[...]

Considering theft can incur violence, I could get knocked out, forced at
gun/knife point or by multiple assailants, dead, or the phone swiped
while I'm using it, and someone can still press my finger to the
fingerprint sensor.  A finger on a sensor is handy to unlock the phone,
but doesn't require the user is voluntarily using it.  Although I have
the fingerprint sensor configured to unlock the phone, it sometimes
still asks for my PIN to regain access probably to account for possible
theft of the phone, but the revert from fingerprint unlock to PIN unlock
is infrequent.

  It's more likely that the thief/assailant just takes the phone and
runs, instead of forcing you through *all* the steps needed to get some
money/information out of you, but indeed nothing is impossible and this
has very little to do with smartphone security/privacy.
 

Never had to hand your phone to someone else to use it?

  No, not without me supervising its use. And again, they might be able
to perform some actions, but they can't get into any sensitive apps.

[Irrelevant reverse scenario deleted.]

I've not yet been in the situation where I'm assualted for my phone, but
then security isn't about what has happened but what might happen.  It's
like anti-virus software: if you've been infected then too late, it's to
prevent infection later.

  See above. You lose your *phone*, so you buy a new one and start over.

  OTOH, if your name is 'Newyana2', *anything* goes! :-)

 
Isn't Newyana2 a later nym that Mayayana started using about Sep 2023?

  Yes, but not everybody knows that, so I'm referring to him by his
new/current nym.